Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberUS6026440 A
Publication typeGrant
Application numberUS 08/789,697
Publication dateFeb 15, 2000
Filing dateJan 27, 1997
Priority dateJan 27, 1997
Fee statusLapsed
Publication number08789697, 789697, US 6026440 A, US 6026440A, US-A-6026440, US6026440 A, US6026440A
InventorsTheodore Jack London Shrader, Michael Bradford Ault, Ernst Robert Plassmann, Bruce Arland Rich, Mickella Ann Rosiles, Shaw-Ben Shi
Original AssigneeInternational Business Machines Corporation
Export CitationBiBTeX, EndNote, RefMan
External Links: USPTO, USPTO Assignment, Espacenet
Web server account manager plug-in for monitoring resources
US 6026440 A
Abstract
An account manager plug-in for a Web server having an application programming interface (API). The plug-in is preferably a computer program product comprising a set of instructions (program code) encoded on a computer-readable substrate. This plug-in includes program code for establishing a set of one or more monitored resources (e.g., UrlCounter, ByteCounter, PageCounter and FailedLoginCounter) and for defining a threshold rule for at least one of the set of monitored resources. As Web transactions occur at the Web server, the account manager is responsive to a monitored resource exceeding a condition of a threshold rule for triggering one of a set of threshold actions. The set of threshold actions, for example, include clearing a record counter, running a given program, sending an e-mail note and disabling or enabling a user account.
Images(2)
Previous page
Next page
Claims(20)
Having thus described our invention, what we claim as new and desire to secure by Letters Patent is set forth in the following claims:
1. A monitoring system for a Web server having an application programming interface (API), comprising:
a plug-in communicating with the Web server, the plug-in receiving operational parameter data from the Web server, the plug-in comprising:
a list of a set of one or more resources to be monitored;
a threshold rule for at least one of the set of monitored resources;
a transaction monitor responsive to Web transactions at the Web server, the transaction monitor storing information on transactions affecting one or more of the set of monitored resources; and
a threshold monitor responsive to the transaction monitor, the threshold monitor triggering one of a set of threshold actions in response to the at least one of the set of monitored resources exceeding the threshold rule.
2. The monitoring system as described in claim 1 wherein the set of one or more monitored resources includes a resource selected from the group consisting of: a number of times a URL location is accessed, a number of bytes a user has accessed, a number of operations a user has initiated, and a number of times a user has a failed login.
3. The monitoring system as described in claim 1 wherein the information on a monitored resource is stored by the transaction monitor in a database having a column format.
4. The monitoring system as described in claim 1 further including a threshold definition file in which threshold rules are stored.
5. The monitoring system as described in claim 1 wherein the set of threshold actions include an action selected from the group consisting of: clearing a record counter, running a given program, sending an e-mail note, disabling a user account, and enabling a user account.
6. The monitoring system as described in claim 1 wherein the threshold monitor logs the threshold action triggered.
7. The monitoring system as described in claim 1 wherein the condition of the threshold rule is evaluated after a database record for a monitored resource is updated.
8. A computer program product in a computer-readable medium for use in a Web server for administration and management of server transactions, comprising:
a plug-in communicating with the Web server, the plug-in receiving operational parameter data from the Web server, the plug-in comprising:
a list of a set of one or more resources to be monitored;
a threshold rule for at least one of the set of monitored resources;
a transaction monitor responsive to Web transactions at the Web server, the transaction monitor storing information on transactions affecting one or more of the set of monitored resources; and
a threshold monitor responsive to the transaction monitor, the threshold monitor triggering one of a set of threshold actions in response to the at least one of the set of monitored resources exceeding the threshold rule.
9. The computer program product as described in claim 8 wherein the set of monitored resources includes a resource selected from the group consisting of: a number of times a URL location is accessed, a number of bytes a user has accessed, a number of operations a user has initiated, and a number of times a user has a failed login.
10. The computer program product as described in claim 8 wherein the set of threshold actions include an action selected from the group consisting of: clearing a record counter, running a given program, sending an e-mail note, disabling a user account and enabling a user account.
11. A computer, comprising:
a processor;
an operating system;
a Web server program having an application programming interface (API) for processing HTTP client requests; and an account manager plug-in to the API, the account manager plug-in receiving operational parameter data from the Web server, comprising:
a list of a set of one or more resources to be monitored;
a threshold rule for at least one of the set of monitored resources;
a transaction monitor responsive to Web transactions at the Web server, the transaction monitor storing information on transactions affecting one or more of the set of monitored resources; and
a threshold monitor responsive to the transaction monitor, the threshold monitor triggering one of a set of threshold actions in response to the at least one of the set of monitored resources exceeding the threshold rule.
12. The computer as described in claim 11 wherein the set of monitored resources includes a resource selected from the group consisting of: a number of times a URL location is accessed, a number of bytes a user has accessed, a number of operations a user has initiated, and a number of times a user has a failed login.
13. The computer as described in claim 11 wherein the set of threshold actions include an action selected from the group consisting of: clearing a record counter, running a given program, sending an e-mail note, disabling a user account and enabling a user account.
14. A method operative at a Web server in a stateless client-server environment for managing server transactions, comprising the steps of:
initiating an account manager plug-in in communication with the Web server;
establishing a set of one of more resources to be monitored;
defining a threshold rule for at least one of the set of monitored resources;
monitoring Web server transactions initiated from client machines to the Web server via the account manager plug-in and storing information on the set of one or more monitored resources; and
responsive to the account manager plug-in detecting a monitored resource exceeding a condition of a threshold rule, triggering one of a set of threshold actions.
15. The method as described in claim 14 wherein the set of one or more monitored resources includes a resource selected from the group consisting of: a number of times a URL location is accessed, a number of bytes a user has accessed, a number of operations a user has initiated, and a number of times a user has a failed login.
16. The method as described in claim 14 wherein the set of threshold actions include an action selected from the group consisting of: clearing a record counter, running a given program, sending an e-mail note, disabling a user account and enabling a user account.
17. The method as described in claim 14 further including the step of logging the threshold actions triggered.
18. The method as described in claim 14 wherein the condition of the threshold rule is evaluated after a database record for a monitored resource is updated.
19. In a Web server connectable to a distributed computing environment having a distributed file system service and a security service for returning a credential to a user authenticated to access the distributed file system service, the improvement comprising:
a plug-in communicating with the Web server, the plug-in receiving operational parameter data from the Web server, the plug-in comprising:
a list of a set of one or more resources to be monitored;
a threshold rule for at least one of the set of monitored resources;
a transaction monitor responsive to Web transactions at the Web server, the transaction monitor storing information on transactions affecting one or more of the set of monitored resources; and
a threshold monitor responsive to the transaction monitor, the threshold monitor triggering one of a set of threshold actions in response to the at least one of the set of monitored resources exceeding the threshold rule.
20. In the Web server as described in claim 19 further including:
means responsive to the monitored resource exceeding the condition of the threshold rule for logging the threshold action triggered.
Description
TECHNICAL FIELD

The present invention relates generally to administration and management of Web server transactions.

BACKGROUND OF THE INVENTION

The World Wide Web of the Internet is the most successful distributed application in the history of computing. In the Web environment, client machines effect transactions to Web servers use the Hypertext Transfer Protocol (HTTP), which is a known application protocol providing users access to files (e.g., text, graphics, images, sound, video, etc.) using a standard page description language known as Hypertext Markup Language (HTML). HTML provides basic document formatting and allows the developer to specify "links" to other servers and files. In the Internet paradigm, a network path to a server is identified by a so-called Uniform Resource Locator (URL) having a special syntax for defining a network connection. Use of an HTML-compatible browser (e.g., Netscape Navigator) at a client machine involves specification of a link via the URL. In response, the client makes a request to the server identified in the link and receives in return a document formatted according to HTML.

The Web server is usually a standalone file server that services various Web document requests. Because the server is self-contained, web site administration is cumbersome because access control must be individualized for each device. Although conventional Web servers have some basic administration tools, such as the ability to log transactions and run reports, these tools are not flexible enough to provide the administrator with sufficient information in order to "fine tune" the site. Thus, for example, an administrator certainly will want to know whether a particular Web page was highly active so that the page could be put on a faster server for better site performance. Currently-existing administration tools do not afford sufficient flexibility to manage the server at such a fine level.

The burdens on Internet administrators will grow even more rapidly in volume and complexity as they attempt to manage Distributed File System (DFS) access through their Web servers. DFS is part of a known distributed computing environment, called DCE, that has been implemented using software available from the Open Systems Foundation (OSF). DFS provides many advantages over a standalone file server, such as higher availability of data and resources, the ability to share information throughout a very large-scale system, and protection of information by the robust DCE security mechanism. In particular, DFS makes files highly available through replication, making it possible to access a copy of a file if one of the machines where the file is located goes down. DFS also brings together all of the files stored in various file systems in a global namespace. Multiple servers can export their file system to this namespace. All DFS users, in the meantime, share this namespace, making all DFS files readily available from any DFS client machine.

It would be highly desirable to extend the functionality of existing standalone Web servers in the enterprise environment to take advantage of the scalability, file availability and security features of DFS (or other similar distributed file systems). Before this goal can be achieved, however, it is necessary to provide new techniques and solutions for administration and management of Web server transactions.

This is the problem addressed by the teachings of the present invention.

BRIEF SUMMARY OF THE INVENTION

It is thus a primary object of the invention to provide for the efficient administration and management of Web server transactions.

It is a more specific object to administer and manage Distributed File Systems (DFS) Web server transactions.

Yet another object of the invention is to implement an administration and management system as a callable module or plug-in to the Web server.

Still another object of the invention is to store information about a set of designated monitored resources. These resources include, for example, the number of times a URL location is accessed (UrlCounter), the number of bytes a user has accessed (ByteCounter), the number of operations a user has initiated (PageCounter), and a number of times a user has a failed login (FailedLoginCounter).

Another more specific object of the invention is to monitor Web specific server resources and allow administrators to define triggerable actions that should occur when counter values for these resources meet certain criteria. The administrator can, for example, create a threshold rule that sends an e-mail note or runs a paging program when more than a predetermined number of login attempts take place.

It is a further more general object of the invention to simplify the administration and management of Web servers.

It is still another general object to reduce the cost of Internet server administration through the use of a consistent, simplistic and portable interface that enables administrators to easily manage transactions on Web servers.

Another object of the invention is to provide a novel administration and management plug-in for a server connected to the Internet, to an Intranet, or to a virtual private network.

These and other objects are achieved by providing an account manager plug-in for a Web server having an application programming interface (API). The plug-in is preferably a computer program product comprising a set of instructions (program code) encoded on a computer-readable substrate. This plug-in includes program code for establishing a set of one or more monitored resources (e.g., UrlCounter, ByteCounter, PageCounter and FailedLoginCounter) and for defining a threshold rule for at least one of the set of monitored resources. As Web transactions occur at the Web server, the account manager is responsive to a monitored resource exceeding a condition of a threshold rule for triggering one of a set of threshold actions. The set of threshold actions, for example, include clearing a record counter, running a given program or sending an e-mail note.

Preferably, threshold rules are stored in a threshold definition file, and each monitored resource includes a database in which the information about the resource is stored in a given format. Generally, the condition of the threshold rule is evaluated after a database record (for the monitored resource) is updated.

The foregoing has outlined some of the more pertinent objects and features of the present invention. These objects should be construed to be merely illustrative of some of the more prominent features and applications of the invention. Many other beneficial results can be attained by applying the disclosed invention in a different manner or modifying the invention as will be described. Accordingly, other objects and a fuller understanding of the invention may be had by referring to the following Detailed Description of the Preferred Embodiment.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention and the advantages thereof, reference should be made to the following Detailed Description taken in connection with the accompanying drawings in which:

FIG. 1 is a representative system in which the account manager plug-in and of the present invention is implemented;

FIG. 2 is a flowchart of the server side operations during a conventional Web transaction in response to receipt of a request from a client machine;

FIG. 3 is a process flow diagram illustrating a DFS Web transaction;

FIG. 4 is a flowchart illustrating the basic administration and management features of the account manager invention; and

FIG. 5 is a flowchart illustrating steps followed to determine whether or not a resource should be monitored and threshold rules triggered.

DETAILED DESCRIPTION

A representative system in which the present invention is implemented is illustrated in FIG. 1. A client machine 10 is connected to a Web server platform 12 via a communication channel 14. For illustrative purposes, channel 14 is the Internet, an Intranet or other known connection. In the case of the Internet, Web server platform 12 is one of a plurality of servers which are accessible by clients, one of which is illustrated by machine 10. A client machine includes a browser 16, which is a known software tool used to access the servers of the network. Representative browsers include, among others, Netscape Navigator (all versions), Microsoft Internet Explorer (all versions) or the like, each of which are "off-the-shelf" or downloadable software programs. The Web server platform (sometimes referred to as a "Web" site) supports files in the form of hypertext documents and objects. In the Internet paradigm, a network path to a server is identified by a so-called Uniform Resource Locator (URL). The World Wide Web is the Internet's multimedia information retrieval system. In particular, it is a collection of servers of the Internet that use the Hypertext Transfer Protocol (HTTP), which provides users access to files using Hypertext Markup Language (HTML).

A representative Web Server platform 12 comprises an IBM RISC System/6000 computer 18 (a reduced instruction set of so-called RISC-based workstation) running the AIX (Advanced Interactive Executive Version 4.1 and above) Operating System 20 and a Web server program 22, such as Netscape Enterprise Server Version 2.0, that supports interface extensions The platform 12 also includes a graphical user interface (GUI) 24 for management and administration. The various models of the RISC-based computers are described in many publications of the IBM Corporation, for example, RISC System/6000, 7013 and 7016 POWERstation and POWERserver Hardware Technical Reference, Order No. SA23-2644-00. AIX OS is described in AIX Operating System Technical Reference, published by IBM Corporation, First Edition (November 1985), and other publications. While the above platform is useful, any other suitable hardware/operating system/web server combinations may be used.

The Web Server accepts a client request and returns a response. The operation of the server is governed by a number of server application functions (SAFs) 28, each of which is configured to execute in a certain step of a sequence. This sequence, illustrated in FIG. 2, begins with authorization translation (AuthTrans) 30, during which the server translates any authorization information sent by the client into a user and a group. If necessary, the AuthTrans step may decode a message to get the actual client request. At step 32, called name translation (NameTrans), the URL associated with the request may be kept intact or it can be translated into a system-dependent file name, a redirection URL or a mirror site URL. At step 34, called path checks (PathCheck), the server performs various tests on the resulting path to ensure that the given client may retrieve the document. At step 36, sometimes referred to as object types (ObjectType), MIME (Multipurpose Internet Mail Extension) type information (e.g., text/html, image/gif, etc.) for the given document is identified. At step 38, called Service (Service), the Web server routine selects an internal server function to send the result back to the client via a normal server-service routine. The particular function selected depends on the nature of the request. At step 40, called Add Log (AddLog), information about the transaction is recorded. At step 42, called Error, the server responds to the client when it encounters an error. Further details of these operations may be found in the Netscape Web Server Programmer's Guide, Chapter 5, which is incorporated herein by reference.

Thus, the Web server 18 includes a known set of server application functions (SAFs). These functions take the client's request and other configuration data of the server as input and return a response to the server as output. Referring back to FIG. 1, the Web server 12 also includes an Application Programming Interface (API) 26 that provides extensions to enable application developers to extend and/or customize the core functionality thereof (namely, the SAFs) through software programs commonly referred to as "plug-ins." The present invention makes use of the server API 26 to provide for a plug-in account manager 25 that facilitates administration and management of server transactions. The account manager 25 has one or more associated databases 27.

Referring now back to FIG. 1, the client machine 10 may access, browse and retrieve documents located in the Web server or in a distributed file system 50 in which the Web server is connected. One such file system 50 is Distributed File Services (DFS), which is a known distributed file system implemented in a networked environment called the Distributed Computing Environment (DCE). DCE has been implemented using software available from the Open Systems Foundation (OSF). DCE DFS 50 provides data sharing services by making use of remote procedure calls (RPC's) for naming, and a DCE Security Service 52 for authentication services. DFS 50 interfaces to the DCE Security Service 52 via a plug-in 29 and the session manager process 31, as described in copending application Ser. No. 08/790,042 now U.S. Pat. No. 5,918,228, and assigned to the assignee of this application.

The control flow associated with a Web transaction to DFS 50 is illustrated in the process flow diagram of FIG. 3. Session manager 31 starts up upon initialization of the Web server and is preferably run by the workstation computer 18. When the client 10 (through the browser 16) requests a DFS document (step a), the Web server 18 invokes a server path check (using the SAF plug-in 29)(step b). The PathCheck checks with the session manager 31 to determine whether the user has appropriate DCE credentials. If not (step c), the SAF plug-in 29 will return an error message (e.g., "401; Unauthorized") to the browser 16 (step d) and prompt the user for user id and password. After getting the user id and password from the user (step e), the SAF plug-in invokes the session manager 31 (step f) to obtain the DCE credential for the user. Session manager 31 returns the DCE credential to the Web server (step g). The server then uses this user credential to represent the user to retrieve documents stored in DFS 50 (step h). After retrieving the documents, the account manager 25 is invoked (step i) to save appropriate usage information into its database 27 (step j).

Although the account manager 25 is illustrated as being used in the DFS Web server environment of FIG. 3, it should also be appreciated that it may be used with the Web server operating in a standalone mode. Indeed, the following description of the preferred features of the account manager 25 are not limited for use in any particular operating environment or with any particular type of Web server.

Preferably, the account manager 25 is implemented as a callable module or plug-in (through the API) of the Web server. According to the invention, the account manager includes support for enabling the administrator to designate a set of one or more "monitored resources", to define threshold rules for the monitored resources, and to effect a set of threshold actions that take place when monitored resources satisfy the conditions of the threshold rules. A simplified flowchart of the preferred operation of the account manager is seen in FIG. 4.

At step 60, a method of managing Web server transactions begins by having the server administrator identify a set of one or more resources that are desired to be monitored by the account manager. At step 62, the administrator defines a set of threshold rules used to create thresholds against which the resources can be tested. Thus, for example, the following monitored resources can be stored and have thresholds defined against them:

Number of times a URL location is accessed. (UrlCounter)

This resource provides the administrator with an indication of the popularity of certain documents, namely, the frequency that they have been accessed.

Number of bytes a user has accessed. (ByteCounter)

This resource provides the administrator with the raw volume of data retrieved by a particular user.

Number of operations a user has initiated. (PageCounter)

This resource provides the administrator with transaction information for a particular user. Transaction actions include getting the contents of a web page and individual images on the page.

Number of times a user has a failed login. (FailedLoginCounter)

This resource provides the administrator with the number of invalid login attempts to DCE.

The counters associated with each record can be reset manually by the administrator or automatically at a given time by the account manager as specified in a configuration file. In the embodiment of FIG. 3, all monitored resources require name and value pairs be passed to the account manager 25 to indicate that the particular request has been serviced by the session manager 31.

Returning now to FIG. 4, it is now assumed that users are "browsing" the Internet and accessing documents in the Web server and/or the distributed file system 50. Such activity creates information on the set of one or more monitored resources, and this is represented by step 64 in the flowchart of FIG. 3. At step 66, a test is made to determine whether a monitored resource matches a condition of a threshold rule defined for that resource. If the outcome of the test at step 66 is negative, the routine recycles. If, however, the outcome of the test at step 66 is positive, indicating the monitored resource counter matches the threshold established by the rule, one of a set of threshold "actions" may be triggered in the account manager. This is represented as step 68. The set of threshold actions include clearing a record counter (of the monitored resource), running a given program, sending an e-mail note, or some other admin or management action such as disabling or enabling a DCE user account. As seen in FIG. 4, the steps are illustrated with respect to a single threshold rule/monitored resource, but it should be appreciated that the same operation takes place with respect to each rule/resource. Preferably, step 66 (checking whether the threshold is matched) is carried out after a database record (for the monitored resource) is updated or stored. This operation, however, can be overridden by the administrator. In particular, if the administrator indicates that a resource should not be monitored via the configuration file, the threshold rules for monitored resource will not be checked. At step 70, the particular threshold action triggered at step 68 may be logged. This completes the basic processing of the account manager.

After triggering and logging a threshold, the cycle continues with the account manager monitoring information for each Web transaction. Note that the administrator can specify that all matching threshold rules be triggered or just the first match.

The detailed operation of the account manager is now described. As noted above, the account manager as implemented (in FIG. 3) focuses on monitoring DFS Web specific or related resources. Resources are currently defined as the name and value pairs passed into the parameter block of the account manager server plug-in. The account manager need not attempt to monitor all the resources that are available through the Web server, which will typically have a number of administrative functions already built in to monitor its resources.

Preferably, the account manager stores information on each monitored resource in column format. For each monitored resource database, the column format may be as follows:

resource-value counter last-reset-timestamp

The resource-value is a string. The counter value will be zero or greater. The last-reset-timestamp is in a form similar to: 843056349 Wednesday, 18-Sep-96 09:19:09 CDT.

As noted above, one of the features of the account manager is that the administrator can define thresholds based on monitored resources. The threshold rules are stored in a threshold definition file. The fully-qualified file name to the threshold file is stored in the server configuration file. The layout of the threshold file is similar to an INI file format. The threshold file contains one or more threshold rules.

Threshold Rule Format

The format of each threshold rule is defined as follows:

______________________________________[threshold-rule-title]trigger = {urlcounter | bytecounter | pagecounter| failedlogincounter }triggercomparison = {> | < | = | >= |<= | <>}triggervalue = triggervalue-valueurlpath = {urlpath-value1 [... urlpath-valueN]}dceusername = {dceusername-value1 ... dceusername-valueN]}action = {none | clear | program | note }actionparameter = actionparameter-valuelogfile = logfile-value______________________________________

The title of the threshold rule is stored between brackets and indicates the beginning of a new threshold rule definition.

The threshold keywords and values are defined as follows:

trigger-keyword

This keyword allows administrators to define a threshold rule against a resource monitored by the account manager. The available trigger values match each of the monitored resource counters on a one-to-one basis. The administrator must define the monitoring of the resource corresponding to the trigger-value in the server configuration file for a threshold rule with the monitored resource to be triggered. If the resource is not monitored and a threshold rule contains the trigger keyword and a value corresponding to the unmonitored resource, the threshold rule will be skipped. For example, if the trigger-value is PageCounter for a threshold rule and the set of PageCounter keywords are not defined in the configuration file, the threshold rule will be skipped.

This keyword and its accompanying value are required for a threshold rule to be valid. Invalid threshold rules are ignored.

trigger-value

Valid trigger-values are: {urlcounter|bytecounter|pagecounter|failedlogincounter}.

If a trigger-value is not specified or does not match one of the valid values, the threshold rule is invalid. Invalid threshold rules are ignored.

triggercomparison-keyword

This keyword allows administrators to compare a monitored resource counter value against an integer value defined as the triggervalue-value. The triggercomparison-value matches each of the arithmetic comparison operators.

This keyword and its accompanying value are required for a threshold rule to be valid. Invalid threshold rules are ignored.

triggercomparison-value

Valid triggercomparison-values are: {>|<|=|>=|<=|<>}

If a triggercomparison-value is not specified or does not match one of the valid values, the threshold rule is invalid. Invalid threshold rules are ignored.

triggervalue-keyword

This keyword allows administrators to specify an integer number for a monitored resource counter to be compared against. The triggervalue-keyword value is specified as an integer number.

This keyword and its accompanying value are required for a threshold rule to be valid. Invalid threshold rules are ignored.

triggervalue-value

A triggervalue-value is an integer between 0 and the maximum integer value defined for the target platform.

If a triggervalue-value is not specified or if it is not an integer, the value defaults to 0. If the specified value is greater than the maximum allowed value for the target platform, the value will be defaulted to the maximum value.

urlpath-keyword

This keyword allows administrators to compare the url path for a transaction against one or more url paths defined in the urlpath-value.

This keyword is optional and can be defined in addition to the trigger keywords. If this keyword is not specified as part of a threshold rule, the rule considers all url paths to match.

urlpath-value(s)

This value allows administrators to define one or more url paths that a transaction passing the trigger comparison should match against. If more than one url path is specified, the threshold rule will match against any of them. If more than one url path is specified, each urlpath-value must be separated by a blank space. Tab characters in the value will be changed into blank spaces. Duplicate url paths in the value will be ignored. Each urlpath-value can contain a regular expression as defined by the regcomp expression rules.

If any urlpath-value contains an invalid regular expression, the entire threshold rule is invalid. Invalid threshold rules are ignored.

dceusername-keyword

This keyword allows administrators to compare the DCE user name for a transaction against one or more DCE user names defined in the dceusername-value.

This keyword is optional and can be defined in addition to the trigger keywords. If this keyword is not specified as part of a threshold rule, the rule considers all DCE user names to match.

dceusername-value(s)

This value allows administrators to define one or more DCE user names that a transaction passing the trigger comparison should match against. If more than one DCE user name is specified, the threshold rule will match against any of them. If more than one DCE user name is specified, each dceusername-value must be separated by a blank space. Tab characters in the value will be changed into blank spaces. Duplicate DCE user names in the value will be ignored. Each dceusername-value can contain a regular expression as defined by the regcomp expression rules.

If any dceusername-value contains an invalid regular expression, the entire threshold rule is invalid. Invalid threshold rules are ignored.

action-keyword

This keyword allows administrators to execute an action if the trigger comparison is true and if any of the urlpath or dceusername comparisons matched.

If this keyword is not specified, the action defaults to none.

action-value

Valid action-values are {none|clear|program|note}. The following table explains the operation performed for each action.

              TABLE 1______________________________________Action ValuesAction-Value   Operation______________________________________none    Performs no action. Specified only when the   administrator wants to log a threshold, but not take an   action on it.clear   Resets the counter matching the triggered monitored   resource to zero. This action will not trigger any   additional threshold rules.program Spawns a program asynchronously. The output or   return code from the program are not saved by the   account manager. The program is run under the same   uid and gid as the web server.note    Sends an e-mail note.______________________________________

If an action value is not specified or does not match one of the valid values, the threshold rule is invalid. Invalid threshold rules are ignored.

actionparameter-keyword

This keyword allows the administrator to specify the object or address to perform the action on.

If the action-value is "program" or "note", this keyword and its accompanying value are required for a threshold rule to be valid. Invalid threshold rules are ignored.

If an action-value is "none" or "clear", this keyword and its accompanying value are ignored if they were specified in the threshold rule.

actionparameter-value

The following table explains the parameters required for each action.

              TABLE 2______________________________________Action Parameter ValuesAction-Value  Action Parameter-value______________________________________none   N/A. If a value is specified, it is skipped.clear  NIA. If a value is specified, it is skipped.program  Fully-qualified program name. If needed by the  program, parameters to the program should follow the  first blank space after the fully-qualified program name.note   E-mail address. If desired by the administrator,  information to append to the note should follow the first  blank space after the e-mail address.______________________________________

Tab characters in the value will be changed into blank spaces.

If the action keyword has a value of "program" or "note" and if the actionparameter-value is not specified, the threshold rule is invalid. Invalid threshold rules are ignored.

logfile-keyword

Allows the administrator to specify a file name in which to log a record when a threshold rule has been triggered.

This keyword is optional. If this keyword is not specified as part of a threshold rule, no log record will be written.

logfile-value

The logfile value requires a fully-qualified file name. The directory must already exist and be readable and writable by the uid and gid under which the web server is running. If specified and the threshold rule matches, a log record for the threshold will be written to the file. The log record has a predefined format. Anything after the file name will be appended to the end of the record (e.g., a miscellaneous column). Tab characters in the value will be changed into blank spaces.

Additional Threshold File Format Rules

All string values in a threshold rule are case sensitive. The following string values can be defined in a threshold rule:

urlpath-value(s)

dceusername-value(s)

actionparameter-value

logfile-value

The following value must be specified as an integer between 0 and the maximum integer value defined for the target platform:

triggervalue-value

The following values allow regular expressions, as defined by the regcomp expression rules:

urlpath-value(s)

dceusername-value(s)

Keywords in the threshold file are not case sensitive. The keywords supported are:

trigger

triggercomparison

triggervalue

urlpath

dceusername

action

actionparameter

logfile

As trigger-values, the following keywords are not case sensitive:

urlcounter

bytecounter

pagecounter

failedlogincounter

As action-values, the following keywords are not case sensitive:

none

clear

program

note

The following describes one particular exemplary embodiment of the invention be should not be construed as limiting.

Each keyword may be preceded by zero to many blank characters. It can be followed by zero to many blank characters. An equal sign comes afterwards followed by zero to many blank characters. Lastly, a value for the keyword is specified. Keyword and value assignments preferably do not span multiple lines.

Comments in the threshold file preferably begin with a "#" or ";" as their first non-blank text. Keyword lines preferably do not contain comments. Comments and blank lines are preferably ignored. Note that comments that an administrator may make manually in a file may be overwritten or moved by the account manager.

Quotation marks in a value typically are not parsed to treat an entire value between the quotation marks as a single value. For example, the value, "This file", is treated as two values: (1) "This and (2) file.

Invalid lines are preferably ignored, such as a line having an invalid keyword name or no value at all. If a threshold rule does not have all its required values, the entire threshold rule preferably is ignored.

Threshold rules that are not valid are preferably ignored. When the account manager plug-in is initialized, it will log threshold rules that were valid and rules that were not valid along with their error. These threshold log summary records are stored in a AccountManagerLoadSummaryFile file name defined in the account manager configuration file. If the AccountManagerLoadSummaryFile is not specified in the account manager configuration file, the results of the account manager's loading of the threshold rules preferably are not logged.

Inside a threshold rule section, if a keyword and value pair is specified more than once, the last valid keyword and value pair in the rule will be used.

In the preferred embodiment, the order of threshold rules in the file may control processing. For example, the first one encountered for the monitored resource that matches the comparison will have its action executed. The remaining threshold rules may not be checked if one has already been triggered. However, the administrator can specify the threshold match keyword in the configuration file to trigger all matching threshold rules, and not just the first matching rule.

Preferably, a threshold rule cannot have the same title within the same monitored resource rule set. For example, two threshold rules with the same title preferably cannot have the same trigger-value, such as urlcounter. The two threshold rules could have the same title and have different trigger-values. Although allowed under these circumstances, the administrator is advised to keep the titles of each rule unique to reduce confusion.

If the account manager cannot access the log file specified in a threshold rule for reading or writing, usually no log record will be written, but the account manager will still initiate the action, if any, defined for the threshold rule.

If urlpath and/or dceusername values are specified, the threshold rule preferably must meet the conditions imposed by the triggervalue, urlpath, and dceusername in order to be triggered.

Sample Threshold File

The following is a sample threshold file.

______________________________________# This is a sample threshold file - /usr/dfsweb/account/threshold# Send a note to the administrator when the sensitive# web page is accessed and log the action in the# /usr/dfsweb/account/log/triggered-- rules file.# Note that the "http:/ is not included as part of the urlpath value.#[Sensitive Web Page - /... /sensitive.html]trigger = urlcountertriggercomparison = >triggervalue = 0urlpath = /.../sensitive.htmlaction = noteactionparameter = webadministrator@austin.comlogfile = /usr/dfsweb/account/log/triggered-- rules## Log a record in /usr/dfsweb/log/advertising whenever a URL that# begins with /dfs/advertising/ is accessed. Note the ".*". not "*"# indicates that one or more of any character may follow# "/dfs/advertising/".#[Log access to /dfs/advertising/.*]trigger = pagecountertriggercomparison = >triggervalue = 0urlpath = /dfs/advertising/.*action = nonelogfile = /usr/dfsweb/log/advertising## Run a popup program if 1000000 bytes or more are# accessed by a user before the counter is reset.# Also log the action in the# /usr/dfsweb/account/log/triggered-- rules file.#[Alert popup for accounts accessing one million bytes or more]trigger = bytecountertriggercomparison = > =triggervalue = 1000000action = programactionparameter = /usr/bin/alert-- popup.shlogfile = /usr/dfsweb/account/log/triggered-- rules## Log a record in /usr/dfs/web/log/pagehogs if a user with a# dceusername of bob or bill accesses more than 500 pages before the# counter is reset.#[Log users accessing more than 500 pages]trigger = pagecountertriggercomparison = >triggervalue = 500dceusername = bob billaction = nonelogfile = /usr/dfsweb/log/pagehogs## Run a paging program if a user has 10 or more failed login attempts.#[Run paging program if 10 or more failed logins]trigger = failedlogincountertriggercomparison = > =triggervalue = 10action = programactionparameter = /usr/bin/pager 555-1212______________________________________

As noted above, preferably the account manager derives values for its monitored resources through the name/value pairs passed to it by the web server. Also, the server will communicate login information to the Account Manager through this same name/value structure.

The flowchart shown in FIG. 5 illustrates the steps followed to determine whether or not a resource should be monitored and threshold rules triggered. At step 71, a test is made to determine whether the transaction refers to the distributed file system (DFS). This will be the case is the following name and value pairs are true:

rq→reqpb: name="path" value=(starts with "/. . . ", "/.:" or "/:")

If the outcome of the test at step 71 is negative, the database counter value may still be updated and threshold rules checked if the autoadd value is set to "on" for the corresponding managed resource. At step 72, assuming the outcome of the test at step 71 was positive, a test is made to determine if the transaction is a failed DCE login. If the following name and value pairs are not true, the DCE login is successful:

rq→srvhdrs: name="status" value="401 Unauthorized"(just check for "401" at front)

rq→vars: name="DCE-VALID" value="-1"

If the above name and value pairs were true, indicating a negative outcome of the test at step 72, the routine increments the failed login counter for the user at 74 if the failed login counter is being monitored, checks at step 76 to see if any threshold rules have been triggered, and returns successfully. The DCE user name can be determined from the following name and value pair.

rq→vars: name="DCE-NAME" value=(user-name).

If the outcome of the test at step 72 was positive, the routine continues at step 78 to determine if the DCE credential is valid. (Note that for performance reasons the failed logon counter for the auth-user will not be reset if a transaction is valid. Preferably, a failed login record can only be reset manually by the administrator or automatically through the Resetinterval DCE Web configuration value.) If the following name and value pair is true, the DCE login is valid.

rq→vars: name="DCE-VALID" value="1"

At step 80, the DCE user name is retrieved from the following name and value pair:

rq→vars: name="auth-user" value=(DCE user name)

(It should be noted that the "auth-user" name is different from the "DCE-NAME" name. "DCE-NAME" is only available if the DCE login failed).

At step 82, a test is made to determine whether the transaction was successful, which is indicated by any of the following name and value pairs, for example:

rq→srvhdrs: name="status" value="200 OK"(just check for "200" at front)

rq→srvhdrs: name="status" value="304 Use local copy"(just check for "304" at front)

rq→srvhdrs: name="status" value="302 Found" (just check for "302" at front)

If any of the above name and value pairs were true, the routine continues at step 84 to increment the appropriate counters for the resource if the resource is being monitored, checks at step 86 to see if any threshold rules have been triggered, and returns successfully. The monitored values can be determined from the following name and value pairs.

______________________________________rq-->reqpb:     name="path"   value=(path name)rq-->vars:     name="auth-user"                   value=(DCE user name)rq-->srvhdrs:     name="content-length"                   value=(page size in bytes)______________________________________

Note that the "auth-user" value is never normalized to the full DCE account name. Whatever is passed to the Account Manager will be stored in the database. The routine then returns to complete the name/value pair processing.

DFS Web Configuration File

Preferably, the account manager includes or has associated therewith a configuration file (called DFS Web configuration file) that stores startup values read in by the account manager when the plug-in is loaded or reloaded by the server. The fully-qualified file name to the configuration is passed in as a name-value parameter to the account manager when it is initialized by the Web server. Preferably, loaded configuration values must be valid, otherwise no resources will be monitored and thus no threshold rules can be triggered. To determine if a DFS Web configuration file is valid, the administrator must examine the load summary file after starting the server or the routine stdout when starting the server.

Account Manager Configuration Format

The format of the Account Manager section of the DFS Web configuration file is defined as follows:

[AccountManager]

ThresholdSourceFile=filename

ThresholdMatch={first|all}

AccountManagerLoadSummaryFile=filename

Resetinterval=interval-seconds

URLCounterDatabase={file|dbm|none}

URLCounterAutoAdd={on|off}

URLCounterReset={never|interval}

URLCounterFile=filename

PageCounterDatabase={file|dbm|none}

PageCounterAutoAdd={on|off}

PageCounterReset={never|interval}

PageCounterFile=filename

ByteCounterDatabase={file|dbm|none}

ByteCounterAutoAdd={on|off}

ByteCounterReset={never|interval}

ByteCounterFile=filename

FailedLoginCounterDatabase={file|dbm|none}

FailedLoginCounterAutoAdd={on|off}

FailedLoginCounterReset={never|interval}

FailedLoginCounterFile=filename

Each of the monitored resources are represented in the DFS Web configuration file: URLCounter, PageCounter, ByteCounter, and FailedLoginCounter. The specific parameters to each resource are defined as follows:

Database--{file|dbm|none}

The options correspond to the storage of records relating to the resource via ASCII file storage, storage through the dbm interface, or no storage at all. If "none" is specified, the resource will not be monitored. This is equivalent to not including the monitored resource keyword group in the configuration file.

The default is none.

AutoAdd--{on|off}

Tells the account manager whether or not to automatically add records to the corresponding monitored resource database if the user has not logged onto DCE through the session manager. The account manager will search for the DCE-VALID keyword in its parameter block. If the DCE-VALID keyword exists and its value is 1, the account manager will assume that the user has successfully logged onto DCE.

Turning AutoAdd on will log all user actions, whether or not the user has successfully logged into DCE yet.

The default is off.

CounterReset--{never|interval}

If "never" is specified, the administrator must manually reset the counter for an individual record or the counters for all the records of the managed resource. This can be done, for example, through an administrative web page.

If "interval" is specified, the counter for the records belonging to the managed resource will be reset to 0 when a transaction on the managed resource occurs and the current time has passed the last reset time for the record plus the ResetInterval, which is specified in seconds.

The default is never.

File-fully-qualified file name to the ASCII file or dbm where the records for the corresponding managed resource are stored.

The directory must already exist and be readable and writable by the uid and gid under which the web server is running.|f the file exists, it must be readable and writable by the uid and gid under which the web server is running.

This keyword does not have a default. If it is not specified, the resource will not be monitored. If the account manager cannot access the specified file for reading or writing, the resource will not be monitored.

If the Database keyword value is not set to none and a File keyword value is not specified, the entire configuration is invalid.

The Database and File keywords for a monitored resource must be specified or the resource will not be monitored.

The file names for each defined monitored resource must be different. if any of the database file names are the same, the entire configuration is invalid.

The remaining account manager keywords are defined as follows:

ThresholdSourceFile-fully-qualified file name to the threshold rules definition file.

The file must already exist and be readable by the uid and gid under which the web server is running. The default is not to have a threshold file and thus no threshold rules.

If the threshold source file is specified, but cannot be loaded, the entire configuration is invalid. If the threshold source and load summary files have the same file names, the entire configuration is invalid.

ThresholdMatch--{first|all}.

When a Web transaction occurs, the value of this keyword indicates if only the first matching threshold rule should be triggered or if all matching threshold rules should be triggered. As mentioned in the threshold rules description, only thresholds belonging to resources that are actively monitored are checked. The threshold rules are checked in the order that they were loaded from the threshold rules file.

If the value is "all" the administrator can define multiple rules for a monitored resource with the same triggercomparison and trigger value. Once the threshold condition was met, all the matching threshold rules would be triggered in the order they were loaded from the threshold file. If the administrator defined multiple rules for a monitored resource with the same triggercomparison and trigger value and the ThresholdMatch keyword was set to "first," only the first matching threshold rule would be triggered.

The default is "first." If the value for the keyword is invalid in the configuration file, it will be set to "first."

AccountManagerLoadSummaryFile-fully-qualified file name to the file where the results of the account manager's loading of the threshold file will be stored. This file will also contain a list of the monitored resources.

If this file already exists, additional log records will be appended to it. This file must be readable and writable by the uid and gid under which the web server is running. The default is not to log the results of the account manager's loading of the configuration and threshold files.

If the account manager cannot read a specified AccountManagerLoadSummaryFile it will log an error to stdout and the web server log. Whether or not the Account Manager logs records to an AccountManagerLoadSummaryFile, it will log the same information to stdout.

ResetInterval-rest time in seconds.

This keyword is used by monitored resources to determine when to set their record counters back to 0 if their *CounterReset keyword is set to "interval". Valid values are between 0 and 2678400 (31 days). The default is 0, which equates to not resetting the value.

A reset for a database record based on the ResetInterval value will not trigger any threshold rules.

Additional DFS Web Configuration File Format Rules

All string values in a configuration file are case sensitive. For the account manager section, all file names are string values and are thus case sensitive.

The following value must be specified as an integer between 0 and 2678400 (31 days):

interval-seconds

Keywords in the configuration file are not case sensitive. The keywords supported are:

AccountManagerLoadSummaryFile

ThresholdSourceFile

ThresholdMatch

Resetinterval

URLCounterDatabase

URLCounterAutoAdd

URLCounterReset

URLCounterFile

PageCounterDatabase

PageCounterAutoAdd

PageCounterReset

PageCounterFile

ByteCounterDatabase

ByteCounterAutoAdd

ByteCounterReset

ByteCounterFile

FailedLoginCounterDatabase

FailedLoginCounterAutoAdd

FailedLoginCounterReset

FailedLoginCounterFile

As Database values, the following keywords are not case sensitive:

file

dbm

none

As AutoAdd values, the following keywords are not case sensitive:

on

off

As Reset values, the following keywords are not case sensitive:

never

interval

The following describes some additional features of a preferred exemplary embodiment although again it should be appreciated that the following should not be taken to limit the present invention.

Even though the account manager can default all its values, the "[Account manager]" section is typically present in the configuration file. If not, the file is not considered a valid configuration file.

All keywords in the configuration file are preferably unique. For example, a non-account manager section preferably cannot have a Resetinterval keyword since the account manager section already uses it.

Each keyword can be preceded by zero to many blank characters. The keyword can be followed by zero to many blank characters. An equal sign preferably must come afterwards followed by zero to many blank characters. Lastly, a value for the keyword preferably must be specified.

Preferably, keyword and value assignments do not span multiple lines.

Comments in the threshold file preferably begin with a "#" or ";" as their first non-blanket text. Preferably, keyword lines do not contain comments. Comments and blank lines are preferably ignored. Note that comments that an administrator may make manually in a file may be overwritten or moved by the account manager.

Quotation marks in a value typically are not parsed to treat an entire value between the quotation marks as a single value. For example, the value, "This file", is treated as two values: (1) "This and (2) file". Invalid lines are preferably ignored.

Monitored resource rules that are not valid are preferably ignored. When the account manager plug-in is initialized, it will print to stdout the account manager configuration keywords that were valid and those that were not. This information will also be stored in the AccountManagerLoadSummaryFile file name, if defined in the configuration file. If the account manager cannot access the file for writing, the results of the account manager's loading of the configuration file typically will not be recorded.

Inside the account manager section of the configuration file, if a keyword and value pair is specified more than once, the last valid keyword and value pair in the rule typically will be used.

If more than one account manager section is defined in a configuration file, preferably only the values for the first section will be used. All subsequent redefinitions of the account manager section in the configuration file preferably will be ignored.

Installation and Configuration of the Account Manager Plug-in

To install the account manager plug-in, an Installation and Configuration program will need to modify the workstation web server configuration file as well as install the DFS Web configuration and threshold files on the target workstation.

Configuration of Netscape

To use the account manager plug-in with a Netscape web server, the installation and configuration program of the product will need to include the following lines in the initial portion of the Netscape server obj.conf file:

______________________________________Init fn="load-modules" shlib="/usr/lib/libdfswebamgr.a"func="dwbamgr-init,dwbamgr-logInit fn=dwbamgr-init" cfgfile="/usr/dfsweb/dfsweb.cfg"______________________________________

The first line indicates that the account manager shared library, /usr/lib/libdfswebamgr.a, should be loaded upon server startup and that the dwbamgr-init and dwbamgr-log functions in the shared library should be externalized. Note that the shared library path is fully-qualified.

The second line indicates that the dwbamgr-init function should be called when the server is started and that the cfgfile keyword and value should be passed in. The value for the cfgfile should be the fully-qualified path to the DFS Web configuration file.

The installation and configuration program of the product will also need to include the following line in the <object> section of the Netscape server obj.conf file:

AddLog fn="dwbamgr-log"

The Add Log line indicates that the dwbamgr-log function should be called when a Netscape web transaction reaches the AddLog stage.

If there are any problems with the syntax of the DFS Web configuration file or Threshold file, the lines read in by the Account Manager and the errors associated with the invalid lines will be logged to the AccountManagerLoadSummaryFile. The Account Manager will also store the results of validating the DFS Web configuration file and Threshold file in the AccountManagerLoadSummaryFile.

If the DFS Web configuration file cannot be found or read, the Account Manager will log an error to stdout and the web server log file. If the AccountManagerLoadSummaryFile file cannot be found or read, the Account Manager will log an error to the web server log file. Note that if the web server has not yet read in its value for its log file during the web server initialization process, the web server will send the log message to stdout instead.

Configuration of DFS Web Configuration and Threshold Files

The installation and configuration program for the product will need to ask the administrator a number questions in order to create the DFS Web configuration file and threshold file.

The Account Manager portion of the DFS Web product directory defaults to /usr/lpp/dfsweb/etc/<servername>. This directory is abbreviated to $DFSWEB. <servername> is the name of the web server into which the DFS Web product is being installed and configured.

The configuration file will be stored in $DFSWEB/dfsweb.cfg. The configuration file is required for the account manager plug-in even if the administrator does not want to monitor any resources.

The threshold file will be stored in $DFSWEB/dfsweb.thr. The administrator can add additional rules either manually or through the DFS Web Administrator graphical user interface at a later time. This template threshold rule file helps establish the threshold file with the web server for future additions.

Configuration File Template

To fill out the values in the configuration file template and install the file on the administrator's workstation, the installation and configuration program for the product will need to ask the administrator for responses to prompts, such as the following:

What is the fully-qualified file name of the Account Manager Load Summary File? (Options: nil or fully-qualified file name) (default $DFSWEB/loadsummary)

What is the reset interval in seconds for counters of monitored resources? (range: 0-2678400) (default 0)

Monitor the URLCounter?

If yes, what is the fully qualified database file name? (required) (default $DFSWEB/dburl)

If yes, should non-DFS Web transactions be monitored? (options: on off) (default off)

1. Set the URLCounterDatabase value to dbm.

2. If the reset interval is not 0, set the URLCounterAutoAdd value to interval.

3. If the reset interval is 0, set the URLCounterAutoAdd value to never.

If no, set the Database value to none.

The previous question is also asked for the other monitored resources.

Responses to the prompts will be used to fill out the ??? marks in the following template configuration file. Note that the $DFSWEB in the template file will be expanded to the fully-qualified path to the DFS Web product directory.

# Install/Config DFS Web Configuration File Template

# DFS Web Product--$DFSWEB/dfsweb.cfg

# You can edit this file, but comments and formatting changes

# might be lost when the DFS Web product makes changes.

[AccountManager]

AccountManagerLoadSummaryFile=???

ThresholdSourceFile=$DFSWEB/dfsweb.thr

ThresholdMatch=???

ResetInterval=???

URLCounterDatabase=???

URLCounterAutoAdd=???

URLCounterReset=???

URLCounterFile=???

PageCounterDatabase=???

PageCounterAutoAdd=???

PageCounterReset=???

PageCounterFile=???

PageCounterDatabase=???

PageCounterAutoAdd=???

PageCounterReset=???

PageCounterFile=???

ByteCounterDatabase=???

ByteCounterAutoAdd=???

ByteCounterReset=???

ByteCounterFile=???

FailedLoginCounterDatabase=???

FailedLoginCounterAutoAdd=???

FailedLoginCounterReset=???

FailedLoginCounterFile=???

Sample DFS Web Configuration File

The following is a sample DFS Web configuration file:

# Install/Config DFS Web Configuration File

# DFS Web Product-/usr/lpp/dfsweb/etc/graywolf/dfsweb.cfg

# You can edit this file, but comments and formatting changes

# might be lost when the DFS Web product makes changes.

[Account Manager]

ThresholdSourceFile=/usr/lpp/dfsweb/etc/graywolf/dfsweb.thr

ThresholdSourceFile=/usr/lpp/dfsweb/etc/graywolf/dfsweb.thr

ThresholdMatch=first

AccountManagerLoadsummaryfile=/usr/lpp/dfsweb/etc/graywolf/loadsummary

URLCounterDatabase-dbm

URLCounterAutoAdd=on

URLCounterReset=never

URLCounterFile=/usr/lpp/dfsweb/etc/graywolf/dburl

PageCounterDatabase=dbm

PageCounterAutoAdd=on

PageCounterReset=never

PageCounterFile=/usr/lpp/dfsweb/etc/graywolf/dbpage

ByteCounterDatabase-dbm

ByteCounterAutoAdd=on

ByteCounterReset=never

ByteCounterFile=/usr/lpp/dfsweb/etc/graywolf/dbbyte

FailedLoginCounterDatabase=dbm

FailedLoginCounterAutoAdd=on

FailedLoginCounterReset=never

FailedLoginCounterFile=/usr/lpp/dfsweb/etc/graywolf/dbfailed

Threshold File Template

To fill out the values in the threshold file template and install the file on the administrator's workstation, the installation and configuration program for the DFS Web product will ask the administrator for responses to prompts, such as the following:

What action should be taken if there are too many failed logins?(options: none, counter, program, note) (default none)

If the action is none, the trigger value should be 10. Remaining variable values will be set to nil.

If the action is not none, what should the trigger value be for the number of failed logins? (range: 0-MAX-- INT) (default 10)

If the action is not none, what fully-qualified log file name should be used to record failed login attempts? (default nil)

If the action is clear, set the action parameter to nil.

If the action is program, what program should be run with what parameters? (required)

If the action is note, what email address should mail be sent to with what text? (required)

Whatever the action, what fully-qualified log file name should store records of this triggered threshold? (options: nil or fully-qualified file name) (default $DFSWEB/thresholdlog)

Responses to the prompts will be used to fill out the ??? marks in the following template threshold file. Note that the $DFSWEB in the template file will be expanded to the fully-qualified path to the DFS Web product directory.

# Install/Config DFS Web Threshold File Template

# DFS Web Product-$DFSWEB/dfsweb.thr

# You can edit this file, but comments and formatting changes

# might be lost when the DFS Web product makes changes.

[Too many failed logins]

trigger=failedlogincounter

triggercomparison=>

triggervalue=???

action=???

actionparameter=???

logfile=???

Sample Load Summary File

The following is a sample load summary file. The file shows the lines read in from the configuration and threshold files and how the Account Manager processes them.

__________________________________________________________________________*******************************************   Reading DFS Web Configuration file"/usr/lpp/dfsweb/etc/graywolf/dfsweb.cfg"****************************************> #   Install/Config DFS Web Configuration File Template> #   DFS Web Product - /usr/lpp/dfsweb/etc/graywolf/dfsweb.cfg> #   You can edit this file, but comments and formatting changes> #   might be lost when the DFS Web product makes changes.>>  [Account Manager]>>  AccountManagerLoadSummaryFile =/usr/lpp/dfsweb/etc/graywolf/loadsummaryKeyword = "AccountManagerLoadSummaryFile", Value ="/usr/lpp/dfsweb/etc/graywolf>  ThresholdSourceFile = /usr/lpp/dfsweb/etc/graywolf/dfsweb.thr   Keyword = "ThresholdSourceFile", Value ="/usr/lpp/dfsweb/etc/graywolf/dfsweb.>  ThresholdMatch = first   Keyword = "ThresholdMatch", Value = "first">  ResetInterval = 0   Keyword = "ResetInterval", Value = "0">>  URLCounterDatabase = dbm   Keyword = "URLCounterDatabase", Value = "dbm">  URLCounterAutoAdd = 0   Keyword = "URLCounterAutoAdd", Value = "on">  URLCounterReset = never   Keyword = "URLCounterReset", Value = "never">  URLCounterFile = /usr/lpp/dfsweb/etc/graywolf/dburl   Keyword = "URLCounterFile", Value ="/usr/lpp/dfsweb/etc/graywolf/dburl">>  PageCounterDatabase = dbm   Keyword = "PageCounterDatabase", Value = "dbm">  PageCounterAutoAdd = on   Keyword = "PageCounterAutoAdd", Value = "on">  PageCounterReset = never   Keyword = "PageCounterReset", Value = "never">  PageCounterFile = /usr/lpp/dfsweb/etc/graywolf/dbpage   Keyword = "PageCounterFile", Value ="/usr/lpp/dfsweb/etc/graywolf/dbpage">>  ByteCounterDatabase = dbm   Keyword = "ByteCounterDatabase", Value = dbm">  ByteCounterAutoAdd = on   Keyword = "ByteCounterAutoAdd", Value = "on">  ByteCounterReset = never   Keyword = "ByteCounterReset", Value = "never">  ByteCounterFile = /usr/lpp/dfsweb/etc/graywolf/dbbyte   Keyword = "ByteCounterFile", Value ="/usr/lpp/dfsweb/etc/graywolf/dbbyte">>  FailedLoginCounterDatabase = dbm   Keyword "FailedLoginCounterDatabase", Value =dbm">  FailedLoginCounterAutoAdd = on   Keyword = "FailedLoginCounterAutoAdd", Value = "on">  FailedLoginCounterReset = never   Keyword = "FailedLoginCounterReset", Value = "never">  FailedLoginCounterFile = /usr/lpp/dfsweb/etc/graywolf/dbfailed   Keyword = "FailedLoginCounterFile", Value ="/usr/lpp/dfsweb/etc/graywolf/dbfailed">*******************************************   Reading DFS Web Threshold File/usr/lpp/dfsweb/etc/graywolf/dfsweb.thr****************************************>> #   Install/Config DFS Web Threshold File Template>> #   DFS Web Product - /usr/lpp/dfsweb/etc/graywolf/dfsweb.thr>> #   You can edit this file, but comments and formatting changes>> #   might be lost when the DFS Web product makes changes.>> #>> [Too many failed logins]>> trigger = failedlogincounter   keyword = "trigger", value = "failedlogincounter">> triggercomparison = =>> keyword = "triggercomparison", value = "=">> triggervalue = 10   keyword = "triggervalue, value = "10">> action = note   keyword = "action", value = "note">> actionparameter = shrader@austin.ibm.com 1 2 3>> keyword = "actionparameter", value = "shrader@austin.ibm.com 1 23">> logfile = ?user/lpp/dfsweb/etc/graywolf/triggerlog   keyword = "logfile", value = "/usr/lpp/dfsweb/etc/graywolf/triggerlog">>>> [Reset counter after too many failed logins]*******************************************   Validating Threshold Rule [Too many failed logins]****************************************WARNING: Count not obtain information on the Logfile"/usr/lpp/dfsweb/etc/graywolf/triggerFile "/usr/lpp/dfsweb/etc/graywolf/triggerlog" may not exist yet.***   Validation for threshold rule [Too many failed logins] at the end of   thefailed logincounter rule set>> trigger = failedlogincounter   keyword = "trigger", value = "failedlogincounter">> triggercomparison = >   keyword = "triggercomparison", value = ">">> triggervalue = 10   keyword = "triggervalue", value = "10">> action = clear   keyword = "action", value = "clear">> logfile = /usr/lpp/dfsweb/etc/graywolf/triggerlog   keyword = "logfile", value = "/usr/lpp/dfsweb/etc/graywolf/triggerlog"*******************************************   Validating Threshold Rule [Reset counter after too many failed   logins]****************************************WARNING: Could not obtain information on the Logfile"usr/lpp/dfsweb/etc/graywolf/triggerFile "/usr/lpp/dfsweb/etc/graywolf/triggerlog: may not exist yet.***   Validation for threshold rule [Reset counter after too many failed   logins]added at    end of failed login*******************************************   Added threshold rule id 2 with name [Reset counter after too manyfailed logins]***********************************************************************************   Validating DFS Web Configuration File*******************************************   Validation of DFS Web configuration file ended with 0 errors and 0warnings.*******************************************   DFS Web Configuration File Values****************************************The configuration file passed validation.Configuration file name = /usr/lpp/dfsweb/etc/graywolf/dfsweb.cfgConfiguration file last modified time = Thu Nov 14 18:30:15 1996Load summary file name = /usr/lpp/dfsweb/etc/graywolf/loadsummaryReset interval = 0 seconds (no automatic reset performed)+++ Thresholds active +++Number of thresholds rules = 2Only the first matching threshold triggered.Threshold file name = /usr/lpp/dfsweb/etc/graywolf/dfsweb.thrThreshold file last modified time = Thu Nov 14 15:31:19 1996** UrlCounter Values ** MONITORED   Database = dbm   AutoAdd = on   Reset = never   Database file name = /usr/lpp/dfsweb/etc/graywolf/dburl** PageCounter Values ** MONITORED   Database = dbm   AutoAdd = on   Reset = never   Database file name = /usr/lpp/dfsweb/etc/graywolf/dbpage** ByteCounter Values ** MONITORED   Database = dbm   AutoAdd = on   Reset = never   Database file name = /usr/lpp/dfsweb/etc/graywolf/dbbyte** FailedLoginCounter Values ** MONITORED   Database = dbm   Autoadd = on   Reset = never   Database file name = /usr/lpp/dfsweb/etc/graywolf/dbfailed***   The DFS Web Configuration file"/usr/lpp/dfsweb/etc/graywolf/dfsweb.cfg" passed validation.***   URLCounterDatabase monitored in file"/usr/lpp/dfsweb/etc/graywolf/dburl". *****   PageCounterDatabase monitored in file"/usr/lpp/dfsweb/etc/graywolf/dbpage".***   ByteCounterDatabase monitored in file"/usr/lpp/dfsweb/etc/graywolf/dbbyte".***   FailedLoginCounterDatabase monitored in file   "/usr/lpp/dfsweb/etc/graywolf/dbfailed***   The DFS Web threshold file is"/usr/lpp/dfsweb/etc/graywolf/dfsweb.thr". ******   Transactions will be monitored against 2 threshold rules.__________________________________________________________________________   ***

One of the preferred implementations of the account manager of the invention is as a set of instructions (program code) in a code module resident in the random access memory of the computer. Until required by the computer, the set of instructions may be stored in another computer memory, for example, in a hard disk drive, or in a removable memory such as an optical disk (for eventual use in a CD ROM) or floppy disk (for eventual use in a floppy disk drive), or downloaded via a computer network. In addition, although the various methods described are conveniently implemented in a general purpose computer selectively activated or reconfigured by software, one of ordinary skill in the art would also recognize that such methods may be carried out in hardware, in firmware, or in more specialized apparatus constructed to perform the required method steps.

Further, although the invention has been described in terms of a preferred embodiment in a specific distributed file system environment, those skilled in the art will recognize that the invention can be practiced, with modification, in other and different hardware and operating system architectures with the spirit and scope of the appended claims. Moreover, implementation in OSF DCE is not a requirement of the present invention either.

Additional variations and modifications of the account manager operations are also within the scope of this invention. Thus, for example, the account manager may support a configuration option that allows the triggering of all threshold rules that match a web transaction, not just the first one that matches. In addition, the account manager GUI may provide web administration pages for the viewing of database records, administration of database records, and definition of threshold actions. The account manager may provide support for predefined substitutions in the parameter value of threshold rules (e.g., % dceusername, % date, % yr1), provide support for the threshold actions of enabling and disabling registry accounts, provide a command line interface for monitored resource database query and resetting, support ASCII files as a database medium, support a dcegroupname filter as part of a threshold rule definition, store the client ip address with the dce user name for a failed login record, support the preservation of comments throughout the threshold and configuration files, and support the definition of threshold rules that can be triggered on server errors.

Of course, it may also be desirable to add additional monitored resources, add additional database mediums (such as SQL, DFS or the DCE registry) for supporting the resource information, provide support for compound monitored thresholds (e.g. dceusername=fred && bytecounter>10000), add additional threshold actions (such as SNMP traps), and the like. All of these variations and modifications are deemed to be within the scope of the present invention.

Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
US5063523 *Nov 16, 1989Nov 5, 1991Racal Data Communications Inc.Network management system with event rule handling
US5109486 *Jan 6, 1989Apr 28, 1992Motorola, Inc.Distributed computer system with network and resource status monitoring
US5210795 *Jan 10, 1992May 11, 1993Digital Equipment CorporationSecure user authentication from personal computer
US5434994 *May 23, 1994Jul 18, 1995International Business Machines CorporationSystem and method for maintaining replicated data coherency in a data processing system
US5530852 *Dec 20, 1994Jun 25, 1996Sun Microsystems, Inc.Method for extracting profiles and topics from a first file written in a first markup language and generating files in different markup languages containing the profiles and topics for use in accessing data described by the profiles and topics
US5550968 *Apr 12, 1994Aug 27, 1996International Business Machines CorporationMethod and system for providing access security to controls in a graphical user interface
US5555377 *Dec 20, 1993Sep 10, 1996International Business Machines CorporationSystem for selectively compressing data transferred in network in response to produced first output when network utilization exceeds first threshold and data length over limit
US5560008 *May 15, 1989Sep 24, 1996International Business Machines CorporationRemote authentication and authorization in a distributed data processing system
US5594227 *Mar 28, 1995Jan 14, 1997Microsoft CorporationSystem and method for protecting unauthorized access to data contents
US5621892 *Oct 10, 1995Apr 15, 1997Intel CorporationMethod and apparatus for managing alerts and events in a networked computer system
US5634008 *Jul 18, 1994May 27, 1997International Business Machines CorporationMethod and system for threshold occurrence detection in a communications network
US5696701 *Jul 12, 1996Dec 9, 1997Electronic Data Systems CorporationMethod and system for monitoring the performance of computers in computer networks using modular extensions
US5729472 *May 17, 1996Mar 17, 1998International Business Machines CorporationMethod of monitoring a computer system
US5751964 *Sep 12, 1995May 12, 1998International Business Machines CorporationSystem and method for automatic determination of thresholds in network management
Non-Patent Citations
Reference
1 *Author unknown, Checkpoint Software Unveils Open Security Platform Strategy, Business Wire, DIALOG 00698301, 3 pages, Nov. 1996.
2 *Michael Moeller, Aventail and Checkpoint ignite firewall security, PC Week, p. 18, Nov. 1996.
Referenced by
Citing PatentFiling datePublication dateApplicantTitle
US6119160 *Oct 13, 1998Sep 12, 2000Cisco Technology, Inc.Multiple-level internet protocol accounting
US6151599 *Jul 17, 1998Nov 21, 2000International Business Machines CorporationWeb client scripting test architecture for web server-based authentication
US6260041 *Sep 30, 1999Jul 10, 2001Netcurrents, Inc.Apparatus and method of implementing fast internet real-time search technology (first)
US6272531 *Mar 31, 1998Aug 7, 2001International Business Machines CorporationMethod and system for recognizing and acting upon dynamic data on the internet
US6298383Jan 4, 1999Oct 2, 2001Cisco Technology, Inc.Integration of authentication authorization and accounting service and proxy service
US6332141Jun 8, 2001Dec 18, 2001Netcurrents, Inc.Apparatus and method of implementing fast internet real-time search technology (FIRST)
US6351752 *Jul 8, 1998Feb 26, 2002Ncr CorporationMethod and apparatus for detecting changes to a collection of objects
US6430619May 6, 1999Aug 6, 2002Cisco Technology, Inc.Virtual private data network session count limitation
US6442165Dec 2, 1998Aug 27, 2002Cisco Technology, Inc.Load balancing between service component instances
US6460089 *Sep 21, 1998Oct 1, 2002Microsoft CorporationMethod and system for extending functionality of a management console
US6529955May 6, 1999Mar 4, 2003Cisco Technology, Inc.Proxy session count limitation
US6587877 *Mar 25, 1997Jul 1, 2003Lucent Technologies Inc.Management of time and expense when communicating between a host and a communication network
US6654801Jan 4, 1999Nov 25, 2003Cisco Technology, Inc.Remote system administration and seamless service integration of a data communication network management system
US6654807 *Dec 6, 2001Nov 25, 2003Cable & Wireless Internet Services, Inc.Internet content delivery network
US6662230 *Oct 20, 1999Dec 9, 2003International Business Machines CorporationSystem and method for dynamically limiting robot access to server data
US6718282Oct 20, 1999Apr 6, 2004Cisco Technology, Inc.Fault tolerant client-server environment
US6718376Dec 15, 1998Apr 6, 2004Cisco Technology, Inc.Managing recovery of service components and notification of service errors and failures
US6728761 *Jan 8, 2001Apr 27, 2004Hewlett-Packard Development Company, L.P.System and method for tracking usage of multiple resources by requesting for retrieving a non-existent files, and causing query information to be stored in an error log
US6792457Jun 7, 2000Sep 14, 2004Cisco Systems, Inc.Multiple-level internet protocol accounting
US6795856Jun 28, 2000Sep 21, 2004Accountability International, Inc.System and method for monitoring the internet access of a computer
US6816901Jan 31, 2003Nov 9, 2004Cisco Technology, Inc.Proxy session count limitation
US6832247 *Jun 15, 1998Dec 14, 2004Hewlett-Packard Development Company, L.P.Method and apparatus for automatic monitoring of simple network management protocol manageable devices
US6836801 *Oct 12, 2000Dec 28, 2004Hewlett-Packard Development Company, L.P.System and method for tracking the use of a web tool by a web user by using broken image tracking
US6845102Oct 9, 1997Jan 18, 2005Cisco Technology, Inc.Method and system for network access over a low bandwidth link
US6853642Jul 24, 2002Feb 8, 2005Cisco Technology, Inc.Load balancing between service component instances
US6853960 *Dec 10, 2002Feb 8, 2005Mitsubishi Denki Kabushiki KaishaCommunications apparatus, communication system, plug-in module control method, and computer-readable recording medium where program for executing by computer is recorded
US6871224Jan 4, 1999Mar 22, 2005Cisco Technology, Inc.Facility to transmit network management data to an umbrella management system
US6910067Jun 20, 2002Jun 21, 2005Cisco Technology, Inc.Virtual private data network session count limitation
US6920468 *Jul 8, 1998Jul 19, 2005Ncr CorporationEvent occurrence detection method and apparatus
US6928465Mar 16, 2001Aug 9, 2005Wells Fargo Bank, N.A.Redundant email address detection and capture system
US6944798 *May 11, 2001Sep 13, 2005Quest Software, Inc.Graceful degradation system
US6961716Jul 31, 2001Nov 1, 2005Hewlett-Packard Development Company, L.P.Network usage analysis system and method for determining excess usage
US6993453Oct 28, 2003Jan 31, 2006International Business Machines CorporationAdjusted monitoring in a relational environment
US7020082May 4, 2001Mar 28, 2006Nomadix, Inc.Network usage monitoring device and associated method
US7069271 *Nov 3, 2000Jun 27, 2006Oracle International Corp.Methods and apparatus for implementing internet storefronts to provide integrated functions
US7072951Oct 3, 2001Jul 4, 2006Sun Microsystems, Inc.HTTP transaction monitor with capacity to replay in debuggings session
US7073178 *Jan 14, 2003Jul 4, 2006Mobitv, Inc.Method and system of performing transactions using shared resources and different applications
US7185237Sep 1, 2005Feb 27, 2007Quest Software, Inc.Systems and methods for providing for degradation of a computer application
US7213146 *Feb 20, 2001May 1, 2007Hewlett-Packard Development Company, L.P.System and method for establishing security profiles of computers
US7222170 *Mar 14, 2002May 22, 2007Hewlett-Packard Development Company, L.P.Tracking hits for network files using transmitted counter instructions
US7243369Apr 22, 2002Jul 10, 2007Sun Microsystems, Inc.Uniform resource locator access management and control system and method
US7272649Sep 30, 1999Sep 18, 2007Cisco Technology, Inc.Automatic hardware failure detection and recovery for distributed max sessions server
US7296235Oct 10, 2002Nov 13, 2007Sun Microsystems, Inc.Plugin architecture for extending polices
US7305361Apr 30, 2001Dec 4, 2007Goldman Sachs & Co.Apparatus, methods and articles of manufacture for constructing and executing computerized transaction processes and programs
US7346697Sep 7, 2004Mar 18, 2008Cisco Technology, Inc.Multiple-level internet protocol accounting
US7370102Feb 13, 2004May 6, 2008Cisco Technology, Inc.Managing recovery of service components and notification of service errors and failures
US7401288Jun 30, 2003Jul 15, 2008International Business Machines CorporationMethod and apparatus for transmitting accessibility requirements to a server
US7493395Sep 1, 2004Feb 17, 2009Cisco Technology, Inc.Virtual private data network session count limitation
US7496097Nov 12, 2004Feb 24, 2009Citrix Gateways, Inc.System, apparatus and method for establishing a secured communications link to form a virtual private network at a network protocol layer other than at which packets are filtered
US7496535May 31, 2001Feb 24, 2009Goldman Sachs & Co.Computerized interface for constructing and executing computerized transaction processes and programs
US7502797 *Oct 15, 2004Mar 10, 2009Ascentive, LlcSupervising monitoring and controlling activities performed on a client device
US7502851Jan 24, 2005Mar 10, 2009Cisco Technology, Inc.Facility to transmit network management data to an umbrella management system
US7533334Jun 19, 2008May 12, 2009International Business Machines CorporationApparatus for transmitting accessibility requirements to a server
US7564856Sep 21, 2004Jul 21, 2009Cisco Technology, Inc.Method and system for network access over a low bandwidth link
US7580999Oct 8, 2003Aug 25, 2009Cisco Technology, Inc.Remote system administration and seamless service integration of a data communication network management system
US7606902Jul 22, 2005Oct 20, 2009Citrix Systems, Inc.Method and systems for routing packets from an endpoint to a gateway
US7609721Jul 22, 2005Oct 27, 2009Citrix Systems, Inc.Systems and methods for adjusting the maximum transmission unit for encrypted communications
US7616640Jan 6, 2005Nov 10, 2009Cisco Technology, Inc.Load balancing between service component instances
US7647403 *Nov 29, 2000Jan 12, 2010British Telecommunications Public Limited CompanyMethod for processing a request for access to a data network
US7657657Aug 11, 2005Feb 2, 2010Citrix Systems, Inc.Method for maintaining transaction integrity across multiple remote access servers
US7672249Oct 17, 2006Mar 2, 2010Cisco Technology, Inc.Configurable network appliance
US7685298Dec 1, 2006Mar 23, 2010Citrix Systems, Inc.Systems and methods for providing authentication credentials across application environments
US7702783 *Sep 12, 2007Apr 20, 2010International Business Machines CorporationIntelligent performance monitoring of a clustered environment
US7711835Sep 30, 2004May 4, 2010Citrix Systems, Inc.Method and apparatus for reducing disclosure of proprietary data in a networked environment
US7724657Jul 22, 2005May 25, 2010Citrix Systems, Inc.Systems and methods for communicating a lossy protocol via a lossless protocol
US7725587 *Jun 29, 2001May 25, 2010Aol LlcDeep packet scan hacker identification
US7739159Nov 23, 1998Jun 15, 2010Cisco Technology, Inc.Aggregation of user usage data for accounting systems in dynamically configured networks
US7757074Jan 24, 2005Jul 13, 2010Citrix Application Networking, LlcSystem and method for establishing a virtual private network
US7774836 *Aug 2, 2006Aug 10, 2010Juniper Networks, Inc.Method, apparatus and computer program product for a network firewall
US7779034Oct 7, 2005Aug 17, 2010Citrix Systems, Inc.Method and system for accessing a remote file in a directory structure associated with an application program executing locally
US7808906Jul 22, 2005Oct 5, 2010Citrix Systems, Inc.Systems and methods for communicating a lossy protocol via a lossless protocol using false acknowledgements
US7818758May 2, 2006Oct 19, 2010Mobitv, Inc.Efficient multi-protocol software architecture with shared resources for different applications
US7831833May 6, 2005Nov 9, 2010Citrix Systems, Inc.System and method for key recovery
US7849269Dec 30, 2005Dec 7, 2010Citrix Systems, Inc.System and method for performing entity tag and cache control of a dynamically generated object not identified as cacheable in a network
US7849270Jul 16, 2010Dec 7, 2010Citrix Systems, Inc.System and method for performing entity tag and cache control of a dynamically generated object not identified as cacheable in a network
US7865410Aug 12, 2003Jan 4, 2011Cisco Technology, Inc.Aggregation of user usage data for accounting systems in dynamically configured networks
US7865603Oct 1, 2004Jan 4, 2011Citrix Systems, Inc.Method and apparatus for assigning access control levels in providing access to networked content files
US7870153Jan 18, 2007Jan 11, 2011Citrix Systems, Inc.Methods and systems for executing, by a virtual machine, an application program requested by a client machine
US7870294Oct 1, 2004Jan 11, 2011Citrix Systems, Inc.Method and apparatus for providing policy-based document control
US7900240May 28, 2004Mar 1, 2011Citrix Systems, Inc.Multilayer access control security system
US7921184Dec 30, 2005Apr 5, 2011Citrix Systems, Inc.System and method for performing flash crowd caching of dynamically generated objects in a data communication network
US7925732 *Sep 11, 2007Apr 12, 2011Cisco Technology, Inc.Automatic hardware failure detection and recovery for distributed max sessions server
US7949677Jan 18, 2007May 24, 2011Citrix Systems, Inc.Methods and systems for providing authorized remote access to a computing environment provided by a virtual machine
US7954150Jan 18, 2007May 31, 2011Citrix Systems, Inc.Methods and systems for assigning access control levels in providing access to resources via virtual machines
US7978714Jul 22, 2005Jul 12, 2011Citrix Systems, Inc.Methods and systems for securing access to private networks using encryption and authentication technology built in to peripheral devices
US7978716Dec 17, 2008Jul 12, 2011Citrix Systems, Inc.Systems and methods for providing a VPN solution
US8001239May 13, 2008Aug 16, 2011Verizon Patent And Licensing Inc.Systems and methods for preventing intrusion at a web host
US8001244Apr 12, 2010Aug 16, 2011Aol Inc.Deep packet scan hacker identification
US8010679Nov 28, 2006Aug 30, 2011Citrix Systems, Inc.Methods and systems for providing access to a computing environment provided by a virtual machine executing in a hypervisor executing in a terminal services session
US8014421Sep 15, 2009Sep 6, 2011Citrix Systems, Inc.Systems and methods for adjusting the maximum transmission unit by an intermediary device
US8019868Sep 10, 2009Sep 13, 2011Citrix Systems, Inc.Method and systems for routing packets from an endpoint to a gateway
US8024568Oct 21, 2005Sep 20, 2011Citrix Systems, Inc.Method and system for verification of an endpoint security scan
US8041606Nov 15, 2001Oct 18, 2011The Western Union CompanyOnline purchasing method
US8042120Oct 1, 2004Oct 18, 2011Citrix Systems, Inc.Method and apparatus for moving processes between isolation environments
US8046830Jul 22, 2005Oct 25, 2011Citrix Systems, Inc.Systems and methods for network disruption shielding techniques
US8051180Oct 25, 2006Nov 1, 2011Citrix Systems, Inc.Methods and servers for establishing a connection between a client system and a virtual machine executing in a terminal services session and hosting a requested computing environment
US8065423Mar 1, 2006Nov 22, 2011Citrix Systems, Inc.Method and system for assigning access control levels in providing access to networked content files
US8078715Oct 19, 2010Dec 13, 2011Cisco Technology, Inc.Automatic hardware failure detection and recovery for distributed max sessions server
US8090797May 2, 2009Jan 3, 2012Citrix Systems, Inc.Methods and systems for launching applications into existing isolation environments
US8095940Sep 19, 2005Jan 10, 2012Citrix Systems, Inc.Method and system for locating and accessing resources
US8103720 *Mar 29, 2010Jan 24, 2012Microsoft CorporationApparatus and computer-readable media for processing HTTP requests
US8117314Jan 18, 2007Feb 14, 2012Citrix Systems, Inc.Methods and systems for providing remote access to a computing environment provided by a virtual machine
US8131825Oct 7, 2005Mar 6, 2012Citrix Systems, Inc.Method and a system for responding locally to requests for file metadata associated with files stored remotely
US8132176Sep 19, 2005Mar 6, 2012Citrix Systems, Inc.Method for accessing, by application programs, resources residing inside an application isolation scope
US8151323Dec 5, 2006Apr 3, 2012Citrix Systems, Inc.Systems and methods for providing levels of access and action control via an SSL VPN appliance
US8171479Sep 30, 2004May 1, 2012Citrix Systems, Inc.Method and apparatus for providing an aggregate view of enumerated system resources from various isolation layers
US8171483Oct 20, 2007May 1, 2012Citrix Systems, Inc.Method and system for communicating between isolation environments
US8200818 *Aug 30, 2001Jun 12, 2012Check Point Software Technologies, Inc.System providing internet access management with router-based policy enforcement
US8255456Dec 30, 2005Aug 28, 2012Citrix Systems, Inc.System and method for performing flash caching of dynamically generated objects in a data communication network
US8261057Jun 4, 2010Sep 4, 2012Citrix Systems, Inc.System and method for establishing a virtual private network
US8266107 *Mar 11, 2009Sep 11, 2012International Business Machines CorporationMethod for mirroring a log file by threshold driven synchronization
US8281322Nov 18, 2008Oct 2, 2012At&T Intellectual Property I, L.P.Adaptive application interface management
US8286230May 19, 2010Oct 9, 2012Citrix Systems, Inc.Method and apparatus for associating tickets in a ticket hierarchy
US8291119Jul 22, 2005Oct 16, 2012Citrix Systems, Inc.Method and systems for securing remote access to private networks
US8301839Dec 30, 2005Oct 30, 2012Citrix Systems, Inc.System and method for performing granular invalidation of cached dynamically generated objects in a data communication network
US8302101Sep 19, 2005Oct 30, 2012Citrix Systems, Inc.Methods and systems for accessing, by application programs, resources provided by an operating system
US8312261Aug 12, 2011Nov 13, 2012Citrix Systems, Inc.Method and system for verification of an endpoint security scan
US8326943Nov 7, 2011Dec 4, 2012Citrix Systems, Inc.Methods and systems for launching applications into existing isolation environments
US8327421 *Jan 30, 2007Dec 4, 2012Imprivata, Inc.System and method for identity consolidation
US8341270Nov 28, 2006Dec 25, 2012Citrix Systems, Inc.Methods and systems for providing access to a computing environment
US8341732Jan 18, 2007Dec 25, 2012Citrix Systems, Inc.Methods and systems for selecting a method for execution, by a virtual machine, of an application program
US8351333Aug 30, 2010Jan 8, 2013Citrix Systems, Inc.Systems and methods for communicating a lossy protocol via a lossless protocol using false acknowledgements
US8352606Sep 23, 2011Jan 8, 2013Citrix Systems, Inc.Method and system for assigning access control levels in providing access to networked content files
US8352964Mar 21, 2011Jan 8, 2013Citrix Systems, Inc.Method and apparatus for moving processes between isolation environments
US8355407Nov 14, 2006Jan 15, 2013Citrix Systems, Inc.Methods and systems for interacting, via a hypermedium page, with a virtual machine executing in a terminal services session
US8359391Jan 20, 2012Jan 22, 2013Microsoft CorporationApparatus and computer-readable media for processing HTTP requests determine scoping mapping between a mapped resource name extension and a content type
US8363650Jul 22, 2005Jan 29, 2013Citrix Systems, Inc.Method and systems for routing packets from a gateway to an endpoint
US8370470Jan 19, 2001Feb 5, 2013Web.Com Holding Company, Inc.System and method for managing server configurations
US8397296 *Feb 6, 2008Mar 12, 2013Verizon Patent And Licensing Inc.Server resource management, analysis, and intrusion negation
US8412627Nov 15, 2001Apr 2, 2013The Western Union CompanyOnline funds transfer method
US8463894Oct 1, 2007Jun 11, 2013Oracle International CorporationPerformance monitoring web console for distributed transaction service
US8484718Aug 3, 2006Jul 9, 2013Citrix System, Inc.Systems and methods for enabling assured records using fine grained auditing of virtual private network traffic
US8495305Dec 30, 2005Jul 23, 2013Citrix Systems, Inc.Method and device for performing caching of dynamically generated objects in a data communication network
US8499057Feb 22, 2011Jul 30, 2013Citrix Systems, IncSystem and method for performing flash crowd caching of dynamically generated objects in a data communication network
US8510430Aug 3, 2006Aug 13, 2013International Business Machines CorporationIntelligent performance monitoring based on resource threshold
US8528047Aug 31, 2010Sep 3, 2013Citrix Systems, Inc.Multilayer access control security system
US8533846Nov 8, 2006Sep 10, 2013Citrix Systems, Inc.Method and system for dynamically associating access rights with a resource
US8538870 *Mar 13, 2008Sep 17, 2013First Data CorporationElectronic purchasing and funds transfer systems and methods
US8549149Dec 30, 2005Oct 1, 2013Citrix Systems, Inc.Systems and methods for providing client-side accelerated access to remote applications via TCP multiplexing
US8559449May 31, 2011Oct 15, 2013Citrix Systems, Inc.Systems and methods for providing a VPN solution
US8613048Sep 30, 2004Dec 17, 2013Citrix Systems, Inc.Method and apparatus for providing authorized remote access to application sessions
US8634420May 25, 2010Jan 21, 2014Citrix Systems, Inc.Systems and methods for communicating a lossy protocol via a lossless protocol
US8645537Jul 29, 2011Feb 4, 2014Citrix Systems, Inc.Deep packet scan hacker identification
US8667581 *Jun 8, 2006Mar 4, 2014Microsoft CorporationResource indicator trap doors for detecting and stopping malware propagation
US8700695Dec 30, 2005Apr 15, 2014Citrix Systems, Inc.Systems and methods for providing client-side accelerated access to remote applications via TCP pooling
US8706877Dec 30, 2005Apr 22, 2014Citrix Systems, Inc.Systems and methods for providing client-side dynamic redirection to bypass an intermediary
US8726006Aug 21, 2012May 13, 2014Citrix Systems, Inc.System and method for establishing a virtual private network
US8726149Jul 20, 2009May 13, 2014Cisco Technology, Inc.Method and system for providing reduced-size hypertext content to a limited-display client device
US8739274Jun 29, 2005May 27, 2014Citrix Systems, Inc.Method and device for performing integrated caching in a data communication network
US8763119Mar 8, 2013Jun 24, 2014Home Run Patents LlcServer resource management, analysis, and intrusion negotiation
US8769347May 13, 2010Jul 1, 2014International Business Machines CorporationApparatus and method for monitoring a computer system
US8788581Jan 18, 2013Jul 22, 2014Citrix Systems, Inc.Method and device for performing caching of dynamically generated objects in a data communication network
US20080306712 *Oct 1, 2007Dec 11, 2008Bea Systems, Inc.Performance Monitoring Infrastructure for Distributed Transaction Service
US20100235326 *Mar 11, 2009Sep 16, 2010International Business Machines CorporationMethod for mirroring a log file by threshold driven synchronization
USRE41811Oct 2, 2003Oct 5, 2010Cisco Technology, Inc.Integration of authentication authorization and accounting service and proxy service
EP1158427A2 *Jan 23, 2001Nov 28, 2001Fujitsu LimitedApparatus for managing web site addresses
EP1282268A2 *Jul 30, 2002Feb 5, 2003Hewlett-Packard CompanyNetwork usage analysis system and method for determining excess usage
EP2442489A1 *May 6, 2010Apr 18, 2012ZTE CorporationDistributed management monitoring system, monitoring method and creating method thereof
WO2001086877A2 *May 4, 2001Nov 15, 2001Vijay Krishna BhagavathNetwork usage monitoring device and associated method
WO2002001381A1 *Jun 19, 2001Jan 3, 2002Clinton D BunchSystem and method for tracking time spent and destinations of client computers connected to the internet
WO2002029548A2 *Oct 3, 2001Apr 11, 2002Sun Microsystems IncHttp transaction monitor with capacity to replay in debugging session
WO2002029571A2 *Oct 3, 2001Apr 11, 2002Sun Microsystems IncHttp transaction monitor with edit and replay capacity
WO2002029641A2 *Oct 3, 2001Apr 11, 2002Sun Microsystems IncHttp transaction monitor with replay capacity
WO2002033621A1 *Oct 9, 2001Apr 25, 2002Goldman Sachs & CoComputerized interface for constructing and executing computerized transaction processes and programs
WO2002033623A1 *Oct 12, 2001Apr 25, 2002Golman Sachs & CoApparatus, methods and articles of manufacture for executing computerized transaction processes
WO2002033635A1 *Oct 9, 2001Apr 25, 2002Goldman Sachs & CoApparatus, methods and articles of manufacture for constructing and executing computerized transaction processes and programs
WO2002033636A1 *Oct 9, 2001Apr 25, 2002Goldman Sachs & CoApparatus, methods and articles of manufacture for constructing and executing computerized transaction processes and programs
WO2002033637A1 *Oct 9, 2001Apr 25, 2002Goldman Sachs & CoApparatus, methods and articles of manufacture for constructing and executing computerized transaction processes and programs
WO2010133507A1 *May 13, 2010Nov 25, 2010International Business Machines CorporationApparatus and method for monitoring a computer system
Classifications
U.S. Classification709/224, 719/328, 709/229, 709/203
International ClassificationH04L12/26
Cooperative ClassificationH04L43/16
European ClassificationH04L43/16
Legal Events
DateCodeEventDescription
Apr 8, 2008FPExpired due to failure to pay maintenance fee
Effective date: 20080215
Feb 15, 2008LAPSLapse for failure to pay maintenance fees
Aug 27, 2007REMIMaintenance fee reminder mailed
Sep 3, 2003REMIMaintenance fee reminder mailed
Jul 10, 2003FPAYFee payment
Year of fee payment: 4
Jan 27, 1997ASAssignment
Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SHRADER, THEODORE JACK LONDON;AULT, MICHAEL BRADFORD;PLASSMANN, ERNST ROBERT;AND OTHERS;REEL/FRAME:008413/0799
Effective date: 19970122